forked from pool/libgcrypt
c1ef8148bf
- disabled curve P-192 in FIPS mode (bnc#896202) * added libgcrypt-fips_ecdsa.patch - don't use SHA-1 for ECDSA in FIPS mode - also run the fips self tests only in FIPS mode - run the fips self tests at the constructor code * added libgcrypt-fips_run_selftest_at_constructor.patch - rewrite the DSA-2 code to be FIPS 186-4 compliant (bnc#894216) * added libgcrypt-fips-dsa.patch * install fips186_dsa - use 2048 bit keys in selftests_dsa OBS-URL: https://build.opensuse.org/request/show/250747 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=63
31 lines
1.3 KiB
Diff
31 lines
1.3 KiB
Diff
Index: libgcrypt-1.6.1/cipher/ecc-curves.c
|
|
===================================================================
|
|
--- libgcrypt-1.6.1.orig/cipher/ecc-curves.c 2014-01-29 10:48:38.000000000 +0100
|
|
+++ libgcrypt-1.6.1/cipher/ecc-curves.c 2014-09-18 17:48:15.645814378 +0200
|
|
@@ -114,7 +114,7 @@ static const ecc_domain_parms_t domain_p
|
|
"0x6666666666666666666666666666666666666666666666666666666666666658"
|
|
},
|
|
{
|
|
- "NIST P-192", 192, 1,
|
|
+ "NIST P-192", 192, 0,
|
|
MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
|
|
"0xfffffffffffffffffffffffffffffffeffffffffffffffff",
|
|
"0xfffffffffffffffffffffffffffffffefffffffffffffffc",
|
|
Index: libgcrypt-1.6.1/cipher/pubkey-util.c
|
|
===================================================================
|
|
--- libgcrypt-1.6.1.orig/cipher/pubkey-util.c 2013-12-16 18:44:32.000000000 +0100
|
|
+++ libgcrypt-1.6.1/cipher/pubkey-util.c 2014-09-18 18:27:24.928658758 +0200
|
|
@@ -593,7 +593,11 @@ _gcry_pk_util_init_encoding_ctx (struct
|
|
ctx->nbits = nbits;
|
|
ctx->encoding = PUBKEY_ENC_UNKNOWN;
|
|
ctx->flags = 0;
|
|
- ctx->hash_algo = GCRY_MD_SHA1;
|
|
+ if (fips_mode()) {
|
|
+ ctx->hash_algo = GCRY_MD_SHA256;
|
|
+ } else {
|
|
+ ctx->hash_algo = GCRY_MD_SHA1;
|
|
+ }
|
|
ctx->label = NULL;
|
|
ctx->labellen = 0;
|
|
ctx->saltlen = 20;
|